TVK Operator v2.6.6 - make charts output

pull/313/head
root 2022-01-12 18:30:33 +00:00
parent c2d23057cf
commit 28fb5c6c96
22 changed files with 2161 additions and 0 deletions

View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# Helm files
OWNERS

View File

@ -0,0 +1,18 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v1
appVersion: 2.6.6
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>=1.18.0-0'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
version: 2.6.600

View File

@ -0,0 +1 @@
# Placeholder for the License if we decide to provide one
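
Review bot: the file contains only the line `# Placeholder for the License if we decide to provide one`, so the packaged chart ships without any licence terms. Add the actual licence text or remove the file before the chart is published with the `catalog.cattle.io/certified: partner` annotation.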

View File

@ -0,0 +1,124 @@
# K8s-TrilioVault-Operator
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
## Introduction
## Prerequisites
- Kubernetes 1.18+
- Alpha feature gates should be enabled
- PV provisioner support
- CSI driver should be installed
## Installation
To install the operator on local setup just run the latest helm charts inside this repo
```shell script
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
helm install tvm trilio-vault-operator/k8s-triliovault-operator
```
Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows:
```
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
triliovault: k8s
name: tvk
spec:
trilioVaultAppVersion: latest
applicationScope: Cluster
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
ingressConfig:
host: "trilio.co.in"
tlsSecretName: "secret-name"
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
componentConfiguration:
web-backend:
resources:
requests:
memory: "400Mi"
cpu: "200m"
limits:
memory: "2584Mi"
cpu: "1000m"
ingress-controller:
enabled: true
service:
type: LoadBalancer
```
### Apply the Custom Resource
Apply `TVM.yaml`:
```shell
kubectl create -f TVM.yaml
```
Check that the pods were created:
```
kubectl get pods
```
```
NAME READY STATUS RESTARTS AGE
k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc 1/1 Running 0 81s
k8s-triliovault-backend-6f66b6b8d5-gxtmz 1/1 Running 0 81s
k8s-triliovault-control-plane-6c464c5d78-ftk6g 1/1 Running 0 81s
k8s-triliovault-exporter-59566f97dd-gs4xc 1/1 Running 0 81s
k8s-triliovault-ingress-controller-84cf46848-tkcdz 1/1 Running 0 18s
k8s-triliovault-web-967c8475-m7pc6 1/1 Running 0 81s
tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb 1/1 Running 0 6m48s
```
Check that ingress controller service is of type LoadBalancer:
```
k8s-triliovault-admission-webhook ClusterIP 10.255.241.108 <none> 443/TCP 2m7s
k8s-triliovault-ingress-gateway LoadBalancer 10.255.254.153 34.75.176.146 80:30737/TCP,443:30769/TCP 2m7s
k8s-triliovault-web ClusterIP 10.255.245.52 <none> 80/TCP 2m7s
k8s-triliovault-web-backend ClusterIP 10.255.250.166 <none> 80/TCP 2m7s
kubernetes ClusterIP 10.255.240.1 <none> 443/TCP 6m9s
tvm-k8s-triliovault-operator-webhook-service ClusterIP 10.255.249.77 <none> 443/TCP 3m22s
```
Check that ingress resources has the host defined by the user:
```
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-triliovault-ingress-master nginx trilio.co.in 80 98s
k8s-triliovault-ingress-minion nginx trilio.co.in 80 98s
```
## Delete
```shell
kubectl delete -f TVM.yaml
```
## Uninstall
To uninstall/delete the operator helm chart :
```bash
helm uninstall tvm
```
## TrilioVaultManager compatibility
The following table captures the compatibility matrix of the TrilioVault Manager against TVK:
| TVM Version | TVK 2.5.2 | TVK 2.5.1 | TVK 2.5.0 | TVK 2.1.0 | TVK 2.0.5 | TVK 2.0.4 | TVK 2.0.3 | TVK 2.0.2 | TVK 2.0.1 |
|-------------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|
| 2.5.2 | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| 2.5.0 | no | yes | yes | yes | yes | yes | yes | yes | yes |
| v2.1.0 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.5 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.2 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.1 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.0 | no | no | no | yes | yes | yes | yes | yes | yes |
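
Review bot: the compatibility table at the end of the README stops at TVM 2.5.2 and TVK 2.5.2, while Chart.yaml in this commit sets `appVersion: 2.6.6`, so a reader cannot tell which TVK versions this operator release supports; add the 2.6.x rows. The sample CR sets `trilioVaultAppVersion: latest`, which makes installs non-reproducible and hard to audit; show a pinned version instead. The `## Introduction` heading has no body, the prerequisite "Alpha feature gates should be enabled" does not name the gates, and the first fence is tagged `shell script` rather than `shell`.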

View File

@ -0,0 +1,37 @@
# TrilioVault for Kubernetes
[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage
the K8s-TrilioVault Application Lifecycle.
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
Introduction:
Prerequisites:
Kubernetes 1.17+
Alpha feature gates should be enabled
PV provisioner support
CSI driver should be installed
Installation:
To install the chart with the operator name trilio:
helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator
# For helm version 3
helm install triliovault-operator triliovault-operator/k8s-triliovault-operator
The command deploys the Triliovault for Kubernetes Operator with the default configuration.
Uninstall:
To uninstall/delete the chart trilio :
# For helm version 3
helm uninstall k8s-triliovault-operator
For more information around TVM manager installation, please follow below link:
https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault
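
Review bot: the prerequisites list says `Kubernetes 1.17+`, which contradicts `kubeVersion: '>=1.18.0-0'` in Chart.yaml and `Kubernetes 1.18+` in the README; change it to 1.18+. The install section gives two different `helm install` commands with different release names, only the second marked "For helm version 3", while the uninstall command uses the release name of the first; keep one command and make install and uninstall use the same release name.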

View File

@ -0,0 +1,66 @@
TrilioVault Operator is a helm based operator which install/upgrade/delete the helm Chart of the TrilioVault For Kubernetes.
This operator watches over the entire helm application of TrilioVault for Kubernetes and has self-healing capabilities.
To verify that TrilioVault Operator has started, run:
kubectl --namespace={{ .Release.Namespace }} wait --for=condition=ready pod -l "release={{ .Release.Name }}"
{{ if .Values.installTVK.enabled }}
In one click install, a cluster scope TVM custom resource {{ .Release.Name }}-tvk is created, you can check its
configuration by running following command:
kubectl get triliovaultmanagers.triliovault.trilio.io {{ .Release.Name }}-tvk -o yaml
{{- else }}
Once the Triliovault operator is in running state, you can create the TrilioVault for Kubernetes(TVK) with the
following custom resource:
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
app: triliovault
name: {{ .Release.Name }}-tvk
namespace: {{ .Release.Namespace }}
spec:
trilioVaultAppVersion: latest
applicationScope: Cluster
ingressConfig:
host: "tvk.trilio.net"
componentConfiguration:
ingress-controller:
enabled: true
service:
type: LoadBalancer
Once the above CR has been created, you have to wait for the TVK pods to come up.
{{- end }}
To check all the TVK pods come into running state, run:
kubectl --namespace {{ .Release.Namespace }} wait --for=condition=ready pod -l "release={{ .Release.Name }}-tvk-{{ .Release.Namespace }}"
Once all the pods are in running state, you can access the TVK UI from your browser using following steps:
{{- if .Values.installTVK.enabled }}
{{- if eq .Values.installTVK.ComponentConfiguration.ingressController.service.type "LoadBalancer" }}
1. Add the /etc/hosts entry: `<ExternalIP of k8s-triliovault-ingress-gateway service> {{ .Release.Namespace}}.k8s-tvk.com`
2. Hit the URL in browser: https://{{ .Release.Namespace}}.k8s-tvk.com
{{- else }}
1. Add the /etc/hosts entry: `<NodeIP> {{ .Release.Namespace}}.k8s-tvk.com`
2. Find the NodePort from the service `k8s-triliovault-ingress-gateway`
3. Hit the URL in browser with NodePort: http://{{ .Release.Namespace}}.k8s-tvk.com:<Node-Port>/
{{- end }}
{{- else }}
1. Add the /etc/hosts entry: `<ExternalIP of ingress service> tvk.trilio.net`
2. Hit the URL in browser: https://tvk.trilio.net
Note: The host `tvk.trilio.net` is used from the `ingressConfig.host` defined in the TVM CR by the user.
{{- end }}
For more details on how to access the TVK UI, follow this guide: https://docs.trilio.io/kubernetes/management-console/user-interface/accessing-the-ui
You can start backup and restore of your application using TVK. For more details on how to do that, please follow our
getting started guide: https://docs.trilio.io/kubernetes/getting-started/getting-started-1
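
Review bot: in the `installTVK.enabled` branch the notes tell the user to inspect a CR named `{{ .Release.Name }}-tvk`, but the TrilioVaultManager template in this commit creates it with the fixed name `triliovault-manager`, so the printed `kubectl get triliovaultmanagers...` command will not find it; use the same name in both places. The pod selector `release={{ .Release.Name }}-tvk-{{ .Release.Namespace }}` is built from the same assumed name and should be checked against what the operator actually labels. The NodePort path prints an `http://` URL while the LoadBalancer path prints `https://`; state that the NodePort instructions use the plaintext port, or point users at the TLS NodePort.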

View File

@ -0,0 +1,41 @@
{{- if .Values.installTVK.enabled }}
{{- if not (lookup "triliovault.trilio.io/v1" "TrilioVaultManager" "" "").items }}
{{template "k8s-triliovault-operator.tlsSecretValidation" .}}
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
name: "triliovault-manager"
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install
spec:
{{- if eq .Chart.Version "0.1.0" }}
trilioVaultAppVersion: latest
{{- else}}
trilioVaultAppVersion: {{ .Chart.AppVersion }}
{{- end }}
applicationScope: {{ .Values.installTVK.applicationScope }}
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
ingressConfig:
{{- if and (gt (len .Values.installTVK.ingressConfig.annotations) 0) (not .Values.installTVK.ComponentConfiguration.ingressController.enabled) }}
annotations:
{{- range $key, $value := .Values.installTVK.ingressConfig.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end -}}
{{- end }}
host: {{ .Values.installTVK.ingressConfig.host | default (printf "%s.k8s-tvk.com" $.Release.Namespace) | quote }}
{{- if not .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
ingressClass: {{ .Values.installTVK.ingressConfig.ingressClass | quote }}
{{- end }}
{{- if .Values.installTVK.ingressConfig.tlsSecretName }}
tlsSecretName: {{ .Values.installTVK.ingressConfig.tlsSecretName | quote }}
{{- end }}
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
componentConfiguration:
ingress-controller:
enabled: {{ .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
service:
type: {{ .Values.installTVK.ComponentConfiguration.ingressController.service.type }}
{{- end -}}
{{- end -}}
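
Review bot: the `"helm.sh/hook": pre-install` annotation on this TrilioVaultManager means Helm creates it as a hook, before the operator Deployment exists, and does not track it as part of the release, so `helm uninstall` leaves the CR behind and `helm upgrade` never reconciles changed `installTVK` values into it. Either drop the hook annotation so the CR is an ordinary release resource, or document the manual cleanup. The guard `lookup "triliovault.trilio.io/v1" "TrilioVaultManager" "" ""` returns an empty result under `helm template` and client-side `--dry-run`, so what is rendered there can differ from a real install. The `eq .Chart.Version "0.1.0"` branch that falls back to `latest` looks like a development leftover and should go.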

View File

@ -0,0 +1,66 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "k8s-triliovault-operator.name" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "k8s-triliovault-operator.appName" -}}
{{- printf "%s" .Chart.Name -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "k8s-triliovault-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper TrilioVault Operator image name
*/}}
{{- define "k8s-triliovault-operator.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{/*
Validation of the secret of CA bundle if provided
*/}}
{{- define "k8s-triliovault-operator.caBundleValidation" -}}
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- if not (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP) }}
{{ fail "Proxy CA bundle proxy is not present in the release namespace" }}
{{- else }}
{{- $caMap := (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP).data }}
{{- if not (get $caMap "ca-bundle.crt") }}
{{ fail "Proxy CA certificate file key should be ca-bundle.crt" }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Validation for the ingress tlsSecret, should exists if provided
*/}}
{{- define "k8s-triliovault-operator.tlsSecretValidation" }}
{{- if .Values.installTVK.ingressConfig.tlsSecretName -}}
{{- if not (lookup "v1" "Secret" .Release.Namespace .Values.installTVK.ingressConfig.tlsSecretName ) -}}
{{ fail "Ingress tls secret is not present in the release namespace" }}
{{- end -}}
{{- end -}}
{{- end -}}
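
Review bot: both validation helpers depend on `lookup`, which returns an empty result when Helm does not contact a cluster (`helm template`, client-side `--dry-run`), so `caBundleValidation` and `tlsSecretValidation` call `fail` in those modes whenever `CA_BUNDLE_CONFIGMAP` or `tlsSecretName` is set, even if the object exists. Document that limitation or make the check skippable through a value. `k8s-triliovault-operator.image` reads `.Values.image.registry`, `.Values.image.repository` and `.Values.image.tag`, none of which exist in values.yaml (only `image.pullPolicy` does), and the Deployment builds its image string inline; remove the helper or switch the Deployment to it. The comment on `k8s-triliovault-operator.name` says it expands the chart name, but the body defaults to `.Release.Name`. The message `Proxy CA bundle proxy is not present` should say ConfigMap.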

View File

@ -0,0 +1,125 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role
app.kubernetes.io/managed-by: {{ .Release.Service }}
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
- services
- services/finalizers
- secrets
- events
- pods
- endpoints
- configmaps
verbs:
- create
- update
- delete
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- update
- delete
- patch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- update
- delete
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- create
- update
- delete
- patch
- bind
- escalate
- apiGroups:
- triliovault.trilio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- update
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- delete
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- update
- patch
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- patch
- update
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- delete
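
Review bot: the rule granting `create`, `update`, `delete`, `patch`, `bind` and `escalate` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings` lets the operator's service account grant itself any permission in the cluster, which makes this role equivalent to cluster-admin regardless of the narrower rules around it. If the operator only needs to install TVK's own RBAC objects, drop `escalate` and `bind` and give the account exactly the permissions it has to hand out. The first rule (`get`, `list`, `watch` on apiGroups `'*'` and resources `'*'`) reads every Secret in every namespace, and the core-group rule adds cluster-wide `create`, `update`, `delete` and `patch` on `secrets` and `pods`; list the resources that are actually read and state in the README why cluster-wide Secret access is required.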

View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-manager-rolebinding
app.kubernetes.io/managed-by: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role
subjects:
- kind: ServiceAccount
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
namespace: {{ .Release.Namespace }}

View File

@ -0,0 +1,202 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
selector:
matchLabels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
hostNetwork: {{ .Values.podSpec.hostNetwork }}
hostIPC: {{ .Values.podSpec.hostIPC }}
hostPID: {{ .Values.podSpec.hostPID }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.podSpec.securityContext | nindent 8 }}
{{- end }}
containers:
- name: k8s-triliovault-operator
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
{{- if .Values.tvkEnv }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
{{- end}}
{{- if .Values.tvkHelmRepo }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
{{- end }}
- name: INSTALL_NAMESPACE
value: {{ .Release.Namespace }}
- name: REGISTRY
value: {{ .Values.registry }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
livenessProbe:
httpGet:
path: /healthz
port: 8081
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /readyz
port: 8081
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
mountPath: /root/.helm
readOnly: true
{{- if .Values.tls.verify }}
- name: helm-tls-ca
mountPath: /root/.helm/ca.crt
readOnly: true
{{- end }}
{{- end }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-certs
readOnly: true
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 10m
memory: 10Mi
initContainers:
- name: webhook-init
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
- name: RELEASE_VERSION
value: {{ .Chart.AppVersion }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
- name: WEBHOOK_SERVICE
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
- name: WEBHOOK_NAMESPACE
value: {{ .Release.Namespace }}
- name: SECRET_NAME
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
volumeMounts:
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
{{- if .Values.nodeSelector }}
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
configMap:
name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
secret:
secretName: {{ .Values.tls.secretName }}
defaultMode: 0400
{{- if .Values.tls.verify }}
- name: helm-tls-ca
configMap:
name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
defaultMode: 0600
{{- end }}
{{- end }}
- name: webhook-certs
secret:
defaultMode: 420
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
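
Review bot: the `helm-tls-ca` volume references `{{ template "helm-operator.fullname" . }}`, a template the helpers file in this commit does not define (it defines only `k8s-triliovault-operator.*`), so rendering fails when `tls.enable` and `tls.verify` are both true; use `k8s-triliovault-operator.fullname`. The pod-level `securityContext` block is guarded by `{{- if .Values.securityContext }}` but renders `.Values.podSpec.securityContext`; guard on the key that is rendered, otherwise removing the container-level value silently drops `runAsNonRoot` for the pod. The init container sets `TVK_ENV` and `TVK_HELM_REPO` unconditionally while the main container wraps them in `if`, and `tvkEnv` has no default in values.yaml, so the init container gets an empty `value:`. The images are referenced by the mutable tag `{{ .Values.tag }}`; consider allowing a digest.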

View File

@ -0,0 +1,31 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-mutating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /mutate-triliovault-trilio-io-v1-triliovaultmanager
failurePolicy: Fail
name: v1-tvm-mutation.trilio.io
rules:
- apiGroups:
- triliovault.trilio.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- triliovaultmanagers
sideEffects: None
admissionReviewVersions:
- v1

View File

@ -0,0 +1,37 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-ns-validating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate-core-v1-namespace
failurePolicy: Fail
name: v1-tvm-ns-validation.trilio.io
namespaceSelector:
matchExpressions:
- key: trilio-operator-label
operator: In
values:
- {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- DELETE
resources:
- namespaces
scope: '*'
sideEffects: None
admissionReviewVersions:
- v1
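
Review bot: `failurePolicy: Fail` on a `DELETE` rule for `namespaces` means that whenever the operator's webhook service is unreachable (values.yaml defaults to `replicaCount: 1`), the API server rejects deletion of every namespace that carries `trilio-operator-label` with the release namespace as its value. Add an explicit `timeoutSeconds` and document how to remove the label or this webhook configuration when the operator is down. `caBundle: Cg==` is a placeholder, so the webhook cannot be called successfully until something replaces it; say in a comment which component does that.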

View File

@ -0,0 +1,21 @@
{{- if .Values.proxySettings.PROXY_ENABLED }}
{{ template "k8s-triliovault-operator.caBundleValidation" . }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-proxy
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
{{- range $key, $val := .Values.proxySettings }}
{{ $val = $val| toString | b64enc }}
{{- if $val -}}
{{ $key }}: {{ $val }}
{{- end -}}
{{- end }}
type: Opaque
{{- end }}
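
Review bot: the `range` over `.Values.proxySettings` copies every key into the Secret, including the chart's own switches `PROXY_ENABLED` and `CA_BUNDLE_CONFIGMAP`, and the Deployment then injects the whole Secret with `envFrom`. Enumerate `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` explicitly so that only proxy variables reach the container environment. Reassigning `$val` to its base64 form before the `if $val` test makes the emptiness check depend on the encoded string; test the raw value first and encode it where it is emitted.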

View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-certs
app.kubernetes.io/managed-by: {{ .Release.Service }}
type: Opaque

View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-service-account
app.kubernetes.io/managed-by: {{ .Release.Service }}

View File

@ -0,0 +1,31 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate-triliovault-trilio-io-v1-triliovaultmanager
failurePolicy: Fail
name: v1-tvm-validation.trilio.io
rules:
- apiGroups:
- triliovault.trilio.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- triliovaultmanagers
sideEffects: None
admissionReviewVersions:
- v1

View File

@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-service
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
ports:
- port: 443
targetPort: 9443
selector:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"

View File

@ -0,0 +1,76 @@
## TrilioVault Operator
registry: "eu.gcr.io/amazing-chalice-243510"
operator-webhook-init:
repository: operator-webhook-init
k8s-triliovault-operator:
repository: k8s-triliovault-operator
tag: "2.6.6"
tvkHelmRepo: ""
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
image:
pullPolicy: Always
tls:
secretName: "helm-client-certs"
verify: false
enable: false
keyFile: "tls.key"
certFile: "tls.crt"
caContent: ""
hostname: ""
nameOverride: ""
replicaCount: 1
proxySettings:
PROXY_ENABLED: false
NO_PROXY: ""
HTTP_PROXY: ""
HTTPS_PROXY: ""
CA_BUNDLE_CONFIGMAP: ""
podSpec:
hostIPC: false
hostNetwork: false
hostPID: false
securityContext:
runAsNonRoot: true
runAsUser: 1001
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
installTVK:
enabled: true
applicationScope: Cluster
ingressConfig:
host: ""
tlsSecretName: ""
annotations: {}
ingressClass: ""
ComponentConfiguration:
ingressController:
enabled: true
service:
type: LoadBalancer
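
Review bot: with `installTVK.enabled: true` and `ingressController.service.type: LoadBalancer` as defaults, a plain `helm install` exposes the TVK ingress through an external load balancer while `tlsSecretName` is empty. Consider defaulting the service type to `ClusterIP` or `NodePort`, or `installTVK.enabled` to `false`, so that external exposure is an explicit choice. The Deployment reads `.Values.tvkEnv`, which has no entry here; add it with an empty default and a comment. `readOnlyRootFilesystem: false` can be tightened if the operator does not write to its root filesystem, and `registry: "eu.gcr.io/amazing-chalice-243510"` deserves a comment saying it is the vendor's registry.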

View File

@ -1815,6 +1815,28 @@ entries:
- assets/instana-agent/instana-agent-1.0.2900.tgz
version: 1.0.2900
k8s-triliovault-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v1
appVersion: 2.6.6
created: "2022-01-12T18:30:01.203743912Z"
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
digest: eedd4a4abfd9c33b87ac07ba1c2dd97c30743f31bd449fe4196e84a0d5fc22a4
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>=1.18.0-0'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
urls:
- assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.600.tgz
version: 2.6.600
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator